CVE-2019-4433
7.1
CVSS:3.0/AC:L/C:H/A:L/UI:N/I:N/PR:L/S:U/AV:N/E:U/RL:O/RC:C
Summary
IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | InfoSphere Identity Insight | 8.1 | affected |
| IBM | InfoSphere Identity Insight | 9.0 | affected |
| IBM | InfoSphere Global Name Management | 5.0 | affected |
| IBM | InfoSphere Global Name Management | 6.0 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/docview.wss?uid=ibm10958081
- https://www.ibm.com/support/docview.wss?uid=ibm10958079
- https://exchange.xforce.ibmcloud.com/vulnerabilities/162890
References
- https://www.ibm.com/support/docview.wss?uid=ibm10958081
- https://www.ibm.com/support/docview.wss?uid=ibm10958079
- https://exchange.xforce.ibmcloud.com/vulnerabilities/162890
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.